Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,621 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2024-4358 ↗ | Progress Telerik Report Server — Progress Telerik Report Server Authentication... | Progress | Jun 13, 2024 |
| High | CVE-2024-4610 ↗ | Arm Mali GPU Kernel Driver — Arm Mali GPU Kernel Driver Use-After-Free Vulnera... | Arm | Jun 12, 2024 |
| Critical | CVE-2024-4577 ↗ | PHP Group PHP — PHP-CGI OS Command Injection Vulnerability | PHP Group | Jun 12, 2024 |
| High | CVE-2017-3506 ↗ | Oracle WebLogic Server — Oracle WebLogic Server OS Command Injection Vulnerabi... | Oracle | Jun 3, 2024 |
| Critical | CVE-2024-24919 ↗ | Check Point Quantum Security Gateways — Check Point Quantum Security Gateways... | Check Point | May 30, 2024 |
| Critical | CVE-2024-1086 ↗ | Linux Kernel — Linux Kernel Use-After-Free Vulnerability | Linux | May 30, 2024 |
| High | CVE-2024-4978 ↗ | Justice AV Solutions Viewer — Justice AV Solutions (JAVS) Viewer Installer Emb... | Justice AV Solutions | May 29, 2024 |
| High | CVE-2024-5274 ↗ | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability | May 28, 2024 | |
| High | CVE-2020-17519 ↗ | Apache Flink — Apache Flink Improper Access Control Vulnerability | Apache | May 23, 2024 |
| Critical | CVE-2023-43208 ↗ | NextGen Healthcare Mirth Connect — NextGen Healthcare Mirth Connect Deserializ... | NextGen Healthcare | May 20, 2024 |
| High | CVE-2024-4947 ↗ | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability | May 20, 2024 | |
| High | CVE-2014-100005 ↗ | D-Link DIR-600 Router — D-Link DIR-600 Router Cross-Site Request Forgery (CSRF... | D-Link | May 16, 2024 |
| High | CVE-2021-40655 ↗ | D-Link DIR-605 Router — D-Link DIR-605 Router Information Disclosure Vulnerabi... | D-Link | May 16, 2024 |
| High | CVE-2024-4761 ↗ | Google Chromium V8 — Google Chromium V8 Out-of-Bounds Memory Write Vulnerabili... | May 16, 2024 | |
| Critical | CVE-2024-30051 ↗ | Microsoft DWM Core Library — Microsoft DWM Core Library Privilege Escalation... | Microsoft | May 14, 2024 |
| High | CVE-2024-30040 ↗ | Microsoft Windows — Microsoft Windows MSHTML Platform Security Feature Bypass... | Microsoft | May 14, 2024 |
| High | CVE-2024-4671 ↗ | Google Chromium — Google Chromium Visuals Use-After-Free Vulnerability | May 13, 2024 | |
| High | CVE-2023-7028 ↗ | GitLab GitLab CE/EE — GitLab Community and Enterprise Editions Improper Access... | GitLab | May 1, 2024 |
| High | CVE-2024-29988 ↗ | Microsoft SmartScreen Prompt — Microsoft SmartScreen Prompt Security Feature B... | Microsoft | Apr 30, 2024 |
| High | CVE-2024-20353 ↗ | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — C... | Cisco | Apr 24, 2024 |
| High | CVE-2024-20359 ↗ | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — C... | Cisco | Apr 24, 2024 |
| High | CVE-2024-4040 ↗ | CrushFTP CrushFTP — CrushFTP VFS Sandbox Escape Vulnerability | CrushFTP | Apr 24, 2024 |
| High | CVE-2022-38028 ↗ | Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulne... | Microsoft | Apr 23, 2024 |
| Critical | CVE-2024-3400 ↗ | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Command Injection Vulner... | Palo Alto Networks | Apr 12, 2024 |
| High | CVE-2024-3272 ↗ | D-Link Multiple NAS Devices — D-Link Multiple NAS Devices Use of Hard-Coded Cr... | D-Link | Apr 11, 2024 |
| High | CVE-2024-3273 ↗ | D-Link Multiple NAS Devices — D-Link Multiple NAS Devices Command Injection Vu... | D-Link | Apr 11, 2024 |
| High | CVE-2024-29745 ↗ | Android Pixel — Android Pixel Information Disclosure Vulnerability | Android | Apr 4, 2024 |
| High | CVE-2024-29748 ↗ | Android Pixel — Android Pixel Privilege Escalation Vulnerability | Android | Apr 4, 2024 |
| Critical | CVE-2023-24955 ↗ | Microsoft SharePoint Server — Microsoft SharePoint Server Code Injection Vulne... | Microsoft | Mar 26, 2024 |
| Critical | CVE-2023-48788 ↗ | Fortinet FortiClient EMS — Fortinet FortiClient EMS SQL Injection Vulnerabilit... | Fortinet | Mar 25, 2024 |
| Critical | CVE-2021-44529 ↗ | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) — Ivanti Endpoint Ma... | Ivanti | Mar 25, 2024 |
| High | CVE-2019-7256 ↗ | Nice Linear eMerge E3-Series — Nice Linear eMerge E3-Series OS Command Injecti... | Nice | Mar 25, 2024 |
| Critical | CVE-2024-27198 ↗ | JetBrains TeamCity — JetBrains TeamCity Authentication Bypass Vulnerability | JetBrains | Mar 7, 2024 |
| High | CVE-2024-23296 ↗ | Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerabil... | Apple | Mar 6, 2024 |
| High | CVE-2024-23225 ↗ | Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerabil... | Apple | Mar 6, 2024 |
| High | CVE-2021-36380 ↗ | Sunhillo SureLine — Sunhillo SureLine OS Command Injection Vulnerablity | Sunhillo | Mar 5, 2024 |
| High | CVE-2023-21237 ↗ | Android Pixel — Android Pixel Information Disclosure Vulnerability | Android | Mar 5, 2024 |
| Critical | CVE-2024-21338 ↗ | Microsoft Windows — Microsoft Windows Kernel Exposed IOCTL with Insufficient A... | Microsoft | Mar 4, 2024 |
| High | CVE-2023-29360 ↗ | Microsoft Streaming Service — Microsoft Streaming Service Untrusted Pointer De... | Microsoft | Feb 29, 2024 |
| Critical | CVE-2024-1709 ↗ | ConnectWise ScreenConnect — ConnectWise ScreenConnect Authentication Bypass Vu... | ConnectWise | Feb 22, 2024 |
| High | CVE-2024-21410 ↗ | Microsoft Exchange Server — Microsoft Exchange Server Privilege Escalation Vul... | Microsoft | Feb 15, 2024 |
| Critical | CVE-2020-3259 ↗ | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — C... | Cisco | Feb 15, 2024 |
| High | CVE-2024-21351 ↗ | Microsoft Windows — Microsoft Windows SmartScreen Security Feature Bypass Vuln... | Microsoft | Feb 13, 2024 |
| Critical | CVE-2024-21412 ↗ | Microsoft Windows — Microsoft Windows Internet Shortcut Files Security Feature... | Microsoft | Feb 13, 2024 |
| High | CVE-2023-43770 ↗ | Roundcube Webmail — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vu... | Roundcube | Feb 12, 2024 |
| Critical | CVE-2024-21762 ↗ | Fortinet FortiOS — Fortinet FortiOS Out-of-Bound Write Vulnerability | Fortinet | Feb 9, 2024 |
| High | CVE-2023-4762 ↗ | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability | Feb 6, 2024 | |
| Critical | CVE-2024-21893 ↗ | Ivanti Connect Secure, Policy Secure, and Neurons — Ivanti Connect Secure, Pol... | Ivanti | Jan 31, 2024 |
| High | CVE-2022-48618 ↗ | Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerabil... | Apple | Jan 31, 2024 |
| Critical | CVE-2023-22527 ↗ | Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center... | Atlassian | Jan 24, 2024 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.